private group administration

Robert Locke lists at ralii.com
Mon Oct 20 02:16:06 UTC 2008


On Sun, 2008-10-19 at 13:17 +0200, Till Maas wrote:
> On Sat October 18 2008, Robert Locke wrote:
> > On Sat, 2008-10-18 at 12:25 -0400, Chuck Anderson wrote:
> 
> > > Right, with groups you can have files inherit the group from the
> > > directory they are in.  Is there any inheritance with ACLs?
> >
> > See 'setfacl d:' which can be used to set a "default" ACL on a directory
> > so that all "newly created files" will inherit it....
> 
> But this does not work satisfactorily all the time. Given you have a directory
> on one system that everybody within a certain group should be able to access
> completely. Then you scp a file that is not group writable (e.g. from a CD)
> to it. Which default ACL for a group will make the file writable or
> chmodable for everyone from this group? Afaik there is no such ACL. The best
> approaches except giving everybody chmod/chown access via sudo would be to
> mount a vfat filesystem into the directory, because it accepts a gid/uid mount
> option to enforce a certain gid for all contents, or to use a fuse wrapper
> filesystem that manages the permissions, but I am not sure whether this is
> possible or does already exist.

I'm a little confused by your scenario.

A newly created file will get the ownership of the process creating it
(user/primary group), unless the directory is SGID, in which case it will
get the group of the directory.  The permissions assigned will be based on
the creating program's desire minus umask.  The ACLs assigned will be based
on the "Default ACLs" of the directory (if any were set). But this only
applies to "newly" created files, so let's talk about copying....

If you use "cp -a" or "cp -p" or "mv", these endeavor to "preserve" the
permissions from whence the file came, and what I described above
does not apply.  A simple cp without arguments would be creating "new"
files, and the above would apply.

Does that clarify why you are not getting the Default ACL sometimes?

--Rob
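To make the three cases in this exchange concrete, here is an added shell example (mine, not code from this thread or from Fedora): it puts a default ACL on a scratch directory and then compares a file created with touch, a read-only file brought in with plain cp, and the same file brought in with cp -p. It assumes GNU coreutils plus the acl package (setfacl/getfacl) on a filesystem mounted with POSIX ACL support, and prints "skip:" instead of failing when those are missing; the function name acl_inheritance_demo and the choice of the caller's own primary gid as the stand-in for the shared project group are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread.
# Shows what a directory's default ACL does, and does not do, for files that
# arrive by touch, by plain cp, and by cp -p. Assumes GNU coreutils and the
# acl package (setfacl/getfacl) on a filesystem with POSIX ACL support;
# anything else makes the function report "skip: <reason>" and return 0.

# Prints one summary line: <name>=<octal mode>[<named group entry>/<mask>] ...
acl_inheritance_demo() {
    if ! command -v setfacl >/dev/null 2>&1 || ! command -v getfacl >/dev/null 2>&1; then
        echo "skip: setfacl/getfacl not installed"
        return 0
    fi
    dir=$(mktemp -d) || { echo "skip: mktemp failed"; return 0; }
    gid=$(id -g)   # assumption: the caller's primary gid plays the "project group"

    # Default ACL: every file created *inside* $dir inherits group:$gid:rwx.
    if ! setfacl -d -m "g:${gid}:rwx" "$dir" 2>/dev/null; then
        echo "skip: filesystem does not support POSIX ACLs"
        rm -rf "$dir"
        return 0
    fi

    # 1. A genuinely new file. touch asks for 0666; with a default ACL present
    #    the kernel applies the ACL mask instead of the umask, so even umask 077
    #    leaves the group entry effective at rw-.
    ( umask 077; touch "$dir/new" )

    # 2. A read-only file standing in for one copied off a CD (constructed here),
    #    brought in with plain cp and with cp -p.
    src=$(mktemp)
    printf 'payload\n' > "$src"
    chmod 0444 "$src"
    cp "$src" "$dir/copy"
    cp -p "$src" "$dir/copyp"

    summary=""
    for f in new copy copyp; do
        mode=$(stat -c %a "$dir/$f")
        # -c: no header, -n: numeric ids, -E: no "#effective:" annotations.
        # The sed keeps only the permission triple of the named entry / mask.
        grp=$(getfacl -cnE "$dir/$f" | sed -n "s/^group:${gid}:\([rwx-]*\).*/group:\1/p")
        mask=$(getfacl -cnE "$dir/$f" | sed -n 's/^mask::\([rwx-]*\).*/mask:\1/p')
        summary="${summary}${f}=${mode}[${grp:-none}/${mask:-none}] "
    done
    rm -rf "$dir" "$src"
    echo "${summary% }"
}

acl_inheritance_demo
```

On a typical Linux system this prints new=660[group:rwx/mask:rw-] copy=440[group:rwx/mask:r--] copyp=444[...]. The touched file inherits the group entry and is group-writable even under umask 077. The plain cp also inherits the entry, but cp creates the file with the source's 0444 mode, and that mode clips the mask to r--, which is exactly the non-writable file Till describes. cp -p then reapplies the source's own 0444 mode on top of whatever was inherited, so members of the group end up with r-- there too. A default ACL therefore helps only for files that are created writable in the first place; a file that arrives read-only still needs a chmod or setfacl -m afterwards by someone who owns it.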

More information about the fedora-devel-list mailing list